
feat(go): add endpoint to remove idp integration;

Vishal Dalwadi 4 months ago
parent
commit
c4b1e351bb
2 changed files with 78 additions and 18 deletions
  1. 21 16
      pro/auth/sync.go
  2. 57 2
      pro/controllers/users.go

+ 21 - 16
pro/auth/sync.go

@@ -10,7 +10,6 @@ import (
 	"github.com/gravitl/netmaker/pro/idp/google"
 	proLogic "github.com/gravitl/netmaker/pro/logic"
 	"github.com/gravitl/netmaker/servercfg"
-	"os"
 	"strings"
 	"time"
 )
@@ -33,32 +32,43 @@ func SyncFromIDP() error {
 	}
 
 	var idpClient idp.Client
+	var idpUsers []idp.User
+	var idpGroups []idp.Group
 	var err error
 
-	switch os.Getenv("AUTH_PROVIDER") {
+	switch settings.AuthProvider {
 	case "google":
 		idpClient, err = google.NewGoogleWorkspaceClient()
 	case "azure-ad":
 		idpClient, err = azure.NewAzureEntraIDClient()
+	default:
+		return nil
 	}
 	if err != nil {
 		return err
 	}
 
-	err = SyncUsers(idpClient)
-	if err != nil {
-		return err
-	}
+	if settings.AuthProvider != "" {
+		idpUsers, err = idpClient.GetUsers()
+		if err != nil {
+			return err
+		}
 
-	return SyncGroups(idpClient)
-}
+		idpGroups, err = idpClient.GetGroups()
+		if err != nil {
+			return err
+		}
+	}
 
-func SyncUsers(idpClient idp.Client) error {
-	idpUsers, err := idpClient.GetUsers()
+	err = syncUsers(idpUsers)
 	if err != nil {
 		return err
 	}
 
+	return syncGroups(idpGroups)
+}
+
+func syncUsers(idpUsers []idp.User) error {
 	dbUsers, err := logic.GetUsersDB()
 	if err != nil && !database.IsEmptyRecord(err) {
 		return err
@@ -136,12 +146,7 @@ func SyncUsers(idpClient idp.Client) error {
 	return nil
 }
 
-func SyncGroups(idpClient idp.Client) error {
-	idpGroups, err := idpClient.GetGroups()
-	if err != nil {
-		return err
-	}
-
+func syncGroups(idpGroups []idp.Group) error {
 	dbGroups, err := proLogic.ListUserGroups()
 	if err != nil && !database.IsEmptyRecord(err) {
 		return err
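Review bot: With `default: return nil` added to the switch, SyncFromIDP returns before it reaches syncUsers/syncGroups whenever settings.AuthProvider is empty, so the `if settings.AuthProvider != ""` guard below it can never be false and a sync against empty user and group lists never happens. That matters because removeIDPIntegration in pro/controllers/users.go clears AuthProvider and then calls SyncFromIDP, presumably so that IDP-sourced users and groups are cleaned up; as written that follow-up call is a no-op and those accounts remain. Add an explicit empty-provider arm ahead of the default, e.g. `case "": // integration removed: continue with empty lists so IDP-sourced users and groups are cleaned up`, and keep `default: return nil` for unrecognised providers only. SyncFromIDP's opening lines, including where `settings` is loaded, are outside the hunk, so confirm there that an unconfigured provider is not meant to be treated as an error instead.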

+ 57 - 2
pro/controllers/users.go

@@ -63,7 +63,8 @@ func UserHandlers(r *mux.Router) {
 	r.HandleFunc("/api/users/{username}/remote_access_gw", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessGwsV1)))).Methods(http.MethodGet)
 	r.HandleFunc("/api/users/ingress/{ingress_id}", logic.SecurityCheck(true, http.HandlerFunc(ingressGatewayUsers))).Methods(http.MethodGet)
 
-	r.HandleFunc("/api/idp/sync", logic.SecurityCheck(true, http.HandlerFunc(syncIdp))).Methods(http.MethodPost)
+	r.HandleFunc("/api/idp/sync", logic.SecurityCheck(true, http.HandlerFunc(syncIDP))).Methods(http.MethodPost)
+	r.HandleFunc("/api/idp", logic.SecurityCheck(true, http.HandlerFunc(removeIDPIntegration))).Methods(http.MethodDelete)
 }
 
 // swagger:route POST /api/v1/users/invite-signup user userInviteSignUp
@@ -1403,7 +1404,7 @@ func deleteAllPendingUsers(w http.ResponseWriter, r *http.Request) {
 // @Router      /api/idp/sync [post]
 // @Tags        IDP
 // @Success     200 {object} models.SuccessResponse
-func syncIdp(w http.ResponseWriter, r *http.Request) {
+func syncIDP(w http.ResponseWriter, r *http.Request) {
 	go func() {
 		err := proAuth.SyncFromIDP()
 		if err != nil {
@@ -1415,3 +1416,57 @@ func syncIdp(w http.ResponseWriter, r *http.Request) {
 
 	logic.ReturnSuccessResponse(w, r, "starting sync from idp")
 }
+
+func removeIDPIntegration(w http.ResponseWriter, r *http.Request) {
+	superAdmin, err := logic.GetSuperAdmin()
+	if err != nil {
+		logic.ReturnErrorResponse(
+			w,
+			r,
+			logic.FormatError(fmt.Errorf("failed to get superadmin: %v", err), "internal"),
+		)
+		return
+	}
+
+	if superAdmin.AuthType == models.OAuth {
+		logic.ReturnErrorResponse(
+			w,
+			r,
+			logic.FormatError(fmt.Errorf("cannot remove idp integration with superadmin oauth user"), "badrequest"),
+		)
+		return
+	}
+
+	settings := logic.GetServerSettings()
+	settings.AuthProvider = ""
+	settings.OIDCIssuer = ""
+	settings.ClientID = ""
+	settings.ClientSecret = ""
+	settings.SyncEnabled = false
+	settings.GoogleAdminEmail = ""
+	settings.GoogleSACredsJson = ""
+	settings.AzureTenant = ""
+	settings.UserFilters = nil
+	settings.GroupFilters = nil
+
+	err = logic.UpsertServerSettings(settings)
+	if err != nil {
+		logic.ReturnErrorResponse(
+			w,
+			r,
+			logic.FormatError(fmt.Errorf("failed to remove idp integration: %v", err), "internal"),
+		)
+		return
+	}
+
+	go func() {
+		err := proAuth.SyncFromIDP()
+		if err != nil {
+			logger.Log(0, "failed to sync from idp: ", err.Error())
+		} else {
+			logger.Log(0, "sync from idp complete")
+		}
+	}()
+
+	logic.ReturnSuccessResponse(w, r, "removed idp integration successfully")
+}
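Review bot: The goroutine at the end of removeIDPIntegration is a verbatim copy of the one in syncIDP (whose body continues outside its hunk), so the fire-and-forget sync now lives in two places; move it into an unexported helper such as `func startIDPSync()` and have both handlers call `go startIDPSync()`, so a later change — for instance serialising syncs, since nothing visible here stops a removal and a manual sync from running concurrently — lands once. The error values built with `fmt.Errorf("failed to get superadmin: %v", err)` and `fmt.Errorf("failed to remove idp integration: %v", err)` should wrap with `%w` rather than `%v` so the underlying cause stays inspectable. The route is registered with `logic.SecurityCheck(true, …)` exactly like `/api/idp/sync`; whether that admits any admin or only the super admin is not visible here, and because this handler wipes the tenant-wide ClientSecret and GoogleSACredsJson it is worth confirming and documenting on the handler.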